Patch release notes 2009a
Release notes for Vyatta NOS 2009a, released October 26, 2020.
Issues resolved
Issues resolved in release 2009a.
Issue number | Priority | Summary |
---|---|---|
VRVDR-53138 | Blocker | IPsec RA-VPN Client and Server regression broken on latest Halifax regression builds |
VRVDR-52918 | Blocker | 1912f - Hardware CPP not conforming to limiter rates |
VRVDR-52906 | Blocker | QoS - Bandwidth Must match <<number><suffix>> |
VRVDR-47760 | Blocker | J2: QoS - Increase configuration limits for 100G for hardware platforms |
VRVDR-53342 | Critical | uSDE-->Node showing error while checking show interfaces dataplane dp0s9 affinity Attach |
VRVDR-53302 | Critical | Boundary Clock lost sync and is unable to re-acquire lock |
VRVDR-53278 | Critical | Desired speed in VOQ setup can overflow int param |
VRVDR-53102 | Critical | OSPFv2: prefer loopback address for use as forwarding address in NSSA LSAs |
VRVDR-53065 | Critical | YANG tweaks to allow NCS to compile Vyatta YANG files |
VRVDR-53014 | Critical | commit-confirm not working via vcli scripts |
VRVDR-52995 | Critical | Grub update during image upgrade is broken |
VRVDR-52994 | Critical | BFD: Show bfd session details shows incorrect stats |
VRVDR-52993 | Critical | License enforcement for hardware other than UFI-SPACE is bringing down the dataports |
VRVDR-52912 | Critical | service-user creation fails due to moved SSSD databases |
VRVDR-52885 | Critical | The dataplane interfaces are down when configuring the cpu-affinity |
VRVDR-52855 | Critical | Creating service users fails |
VRVDR-52850 | Critical | Egress ACL in s/w path will not match router originated traffic |
VRVDR-52841 | Critical | S9500-30XS: Receiving only 10Gig traffic going over 25Gig links |
VRVDR-52740 | Critical | show interfaces affinity and show interfaces identify returns error Error: Unknown RPC |
VRVDR-52451 | Critical | bgpd process crashed when performing snmpwalk with BGP configuration |
VRVDR-52401 | Critical | Degradation of throughput by 10%-40% on v150 with 100M physical interface and QOS |
VRVDR-52383 | Critical | PTP: Internal errors causing PTP stack not to be created |
VRVDR-51749 | Critical | DHCPv6 address not getting renewed automatically on client node after DHCP server rebooted and only works when deleted/reconfigured DHCPv6 config was added on the client node. It works fine for DHCPv4. |
VRVDR-51678 | Critical | PTP: Slave clock sees significant time-error when GPS signal fails on SIAD, when it switches to PTP |
VRVDR-51256 | Critical | ACM VCI component does not seem to work correctly with only default values |
VRVDR-43307 | Critical | vyatta-ike-sa-daemon: TypeError: 'IKEConfig' object does not support indexing |
VRVDR-53314 | Major | dhcp-client overlap-subnet script fails on DANOS due to missing vrfmanager Python module |
VRVDR-53275 | Major | Flexware: Update platform detection for new large boxes based on latest production boxes |
VRVDR-53244 | Major | Barcelona board should be made generic |
VRVDR-53199 | Major | Configuring unreachable static route causes a zebra and dataplane restart |
VRVDR-53191 | Major | IPsec commands do not work unless acm rules for rpc-default and notification-default are configured |
VRVDR-53062 | Major | Missing logs for enforcement action taken for licensing |
VRVDR-53061 | Major | Allow ACL rulesets to set an address-family flag in the group structure |
VRVDR-53022 | Major | [ext]community-list and access-list translation issues in DANOS |
VRVDR-52997 | Major | tacplusd get_tty_login_addr() may overflow buffer |
VRVDR-52910 | Major | service-users LDAP password and local encrypted-password values not redacted in audit logs or TACACS+ authorization requests |
VRVDR-52909 | Major | RIP MD5 passwords not redacted in audit logs or TACACS+ authorization requests |
VRVDR-52851 | Major | FAL Broadcom plugin needs to be tuned to optimize to 100G QoS performance |
VRVDR-52843 | Major | Output of static entries in ARP table has changed |
VRVDR-52739 | Major | Port value in tunnel policy without specifying protocol causes error protocol must be formatted as well-known string. for the IPsec show commands |
VRVDR-52677 | Major | When multiple peers use the same local-address, no authentication ids, and unique pre-shared-keys IKEv2 based IPsec stuck in 'init' for all but one peer |
VRVDR-52611 | Major | i40e driver silently drops multicast packets causing VRRP dual master |
VRVDR-52468 | Major | Neg Rx value not updated if requested value cannot be used |
VRVDR-52404 | Major | ICMP error returned with corrupted inner header causes seg-fault when passed through a FW/NAT44/PBR rule with logging enabled |
VRVDR-52188 | Major | start virt guest XYZ does not report errors |
VRVDR-51332 | Major | PTP: Unable to cope with config change where master and slave swap ds-ports (slave does not come up) |
VRVDR-52825 | Minor | Configuring three sub-levels of time-zone is not possible, causing upgrade from earlier version to fail |
VRVDR-52546 | Minor | GUI hangs/loading and finally timeout with an error message on browser |
Security vulnerabilities resolved
Security vulnerabilities resolved in release 2009a.
Issue number | CVSS | Advisory | Summary |
---|---|---|---|
VRVDR-52921 | 7.9 | DSA-4760-1 | CVE-2020-12829, CVE-2020-14364, CVE-2020-15863, CVE-2020-16092: Debian DSA-4760-1: qemu security update |
VRVDR-53283 | 7.8 | DSA-4769-1 | CVE-2020-25595, CVE-2020-25596, CVE-2020-25597, CVE-2020-25599, CVE-2020-25600, CVE-2020-25601, CVE-2020-25602, CVE-2020-25603, CVE-2020-25604: Debian DSA-4769-1: xen security update |
VRVDR-53273 | 7.8 | DLA-2385-1 | CVE-2019-3874, CVE-2019-19448, CVE-2019-19813, CVE-2019-19816, CVE-2020-10781, CVE-2020-12888, CVE-2020-14314, CVE-2020-14331, CVE-2020-14356, CVE-2020-14385, CVE-2020-14386, CVE-2020-14390, CVE-2020-16166, CVE-2020-25212, CVE-2020-25284, CVE-2020-25285, CVE-2020-25641, CVE-2020-26088: Debian DLA-2385-1: linux-4.19 LTS security update |